The recent Distributed-Denial-of-Service (DDoS) attacks enabled by malware-infected IP cameras, DVRs and other embedded devices have caused fresh concerns about the future of IoT security. What is particularly problematic about the attacks is the fact that it is not the suppliers of compromised products or their customers that must deal with the direct consequences, but various other parties affected by them. On one hand, the incidents highlight the insufficient incentives that developers involved in consumer IoT often have when it comes to security of their products and applications. On the other hand, they also demonstrate that IoT security is a matter of public interest, and even of national security.

This Research Note discusses the role of the IoT as an enabler of massive-scale DDoS attacks, and makes proposals to mitigate the related risks in the future.